Bringing attack detections to the data center

By: Wade Williamson

September 13, 2016

In extending the Vectra cybersecurity platform to enterprise data centers and public clouds, we wanted to do more than simply port the existing product into a virtualized environment. So Vectra security researchers, data scientists, and developers started with a fresh sheet of paper to address the real-world challenges and threats that are unique to enterprise data centers and clouds.

Visibility and intelligence that spans the enterprise

First, it was important to remember that the data center can be integrally connected to the physical enterprise and yet, in some ways, separated from it. For example, attacks can spread from the campus environment to the data center environment, and security teams absolutely need to know how these events are connected. On the other hand, 80% of data center traffic never leaves the data center, making it invisible to traditional security controls.

Vectra addresses both of these realities by building a unified approach to cybersecurity that integrates native visibility of the virtual data center environment with our more traditional visibility into campus and remote office environments. Vectra virtual sensors can attach to vSwitches to reveal attack behaviors between virtual workloads. Integration with VMware vCenter also provides a top-down overview of the environment and can alert staff anytime a virtual asset is not being monitored by Vectra.

Ready for the most advanced attacks

When looking at the state of security in the data center, it was clear that most of the industry’s focus has been on segmentation and policy control within the virtual environment. Such control is important, but policy enforcement is not the same as detecting active cyberattacks.

The high value of data centers means that they will attract some of the most advanced attackers, and their position within the enterprise means that attacks may be relatively mature by the time they reach the data center. For example, an attacker may initially compromise an employee laptop at the perimeter, spread internally, gain administrative credentials, and only then move against the data center. It was clear we needed to prepare for advanced attackers operating at an advanced stage of attack.

To this end, we developed new detection models that detect the most advanced attack strategies and address the entire attack surface of the data center. For example, we quickly recognized that some of the most advanced adversaries were not trying to compromise the virtual environment but were instead focused on subverting the physical infrastructure that the virtual data center depends on. If an attacker can plant a backdoor below the operating system of a server and read the physical disk, then they can see any data they want.

We therefore developed new detection models to reveal subverted infrastructure both within the data center and in the campus environment. These models can reveal sub-OS rootkits such as SYNful Knock that have been seen in networking infrastructure, backdoors in firewalls such as those revealed in the recent Equation Group breach, or the abuse of low-level management protocols such as IPMI that are used to manage servers within the data center.

Next, we turned our attention to the human element of trust in the data center. Administrators are the key to keeping a healthy and reliable data center, but they are also prime targets for attackers. With this release, Vectra introduces new detection models to reveal signs of compromised or rogue administrators, as well as end users who may be abusing administrative credentials.

About the author

Wade Williamson

Wade Williamson is a cybersecurity writer, product manager and marketer. Wade held a position as director of product marketing at Vectra with previous experience as a security researcher at Shape Security. Prior to Shape Security, he was a senior security analyst at Palo Alto Networks.